CVE-2020-6215

MEDIUM

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 -...

Title source: llm
STIX 2.1

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0040
EPSS Percentile 60.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (11)
sap/netweaver_as_abap_business_server_pages 700
sap/netweaver_as_abap_business_server_pages 701
sap/netweaver_as_abap_business_server_pages 702
sap/netweaver_as_abap_business_server_pages 730
sap/netweaver_as_abap_business_server_pages 731
sap/netweaver_as_abap_business_server_pages 740
sap/netweaver_as_abap_business_server_pages 750
sap/netweaver_as_abap_business_server_pages 751
sap/netweaver_as_abap_business_server_pages 752
sap/netweaver_as_abap_business_server_pages 753
... and 1 more
Published Apr 14, 2020
Tracked Since Feb 18, 2026